Bug audit report says input signal s is not constrained in eff_ecdsa.circom. Based on my tests, I believe there is insufficient constraint on T.
I set s to 0 and varied T, and ultimately found that sMultT is not 0, and the output pubKey does not equal U. This result contradicts the comments in the code.
When I set Tx and Ty to 0, regardless of the value of s, the outputs are pubKeyX = Ux and pubKeyY = Uy.
```
template EfficientECDSA() {
    var bits = 256;
    signal input s;
    signal input Tx; // T = r^-1 * R
    signal input Ty;
    signal input Ux; // U = -(m * r^-1 * G)
    signal input Uy;

    signal output pubKeyX;
    signal output pubKeyY;

    // sMultT = s * T
    component sMultT = Secp256k1Mul();
    sMultT.scalar <== s;
    sMultT.xP <== Tx;
    sMultT.yP <== Ty;

    // pubKey = sMultT + U
    component pubKey = Secp256k1AddComplete();
    pubKey.xP <== sMultT.outX;
    pubKey.yP <== sMultT.outY;
    pubKey.xQ <== Ux;
    pubKey.yQ <== Uy;

    log("the value of s: ", s);
    log("the value of sMultT.outX: ", sMultT.outX);
    log("the value of sMultT.outY: ", sMultT.outY);

    pubKeyX <== pubKey.outX;
    pubKeyY <== pubKey.outY;
}
```
Test for s
input0
input.json
public.json
input1
input.json
public.json
Analyse
I think the above two sets of inputs should yield the same output, but the results do not match.
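For comparison with the circuit outputs discussed above, here is an out-of-circuit reference model of `pubKey = s*T + U` in plain Python. It is an added example, not code from this issue or from the project, and it does not model the internals of `Secp256k1Mul`. The function names, the range and on-curve checks, and the sample key, nonce and message values are assumptions constructed for illustration.

```python
# Out-of-circuit reference model of pubKey = s*T + U on secp256k1 (added example).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity, the group identity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0

def add(a, b):
    """Complete affine addition: handles identity, doubling and inverse points."""
    if a is INF: return b
    if b is INF: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add; mul(0, pt) is the identity."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def recover_pubkey(s, T, U):
    """Hypothetical host-side check: validate inputs, then compute s*T + U."""
    if not 0 < s < N:
        raise ValueError("s must be in [1, n-1]")
    for name, pt in (("T", T), ("U", U)):
        if pt is INF or not on_curve(pt):
            raise ValueError(name + " is not a valid curve point")
    return add(mul(s, T), U)

def make_inputs(d, k, m):
    """Build (s, T, U) from a constructed key d, nonce k and message hash m."""
    R = mul(k, G); r = R[0] % N; r_inv = pow(r, -1, N)
    s = pow(k, -1, N) * (m + r * d) % N
    mG = mul(m * r_inv % N, G)
    return s, mul(r_inv, R), (mG[0], -mG[1] % P)  # T = r^-1*R, U = -(m*r^-1*G)
```

In this reference arithmetic `mul(0, T)` is the identity, so `s = 0` yields exactly `U`, and `(0, 0)` fails `on_curve`, so it is rejected rather than treated as a point.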